Wietse Venema <wie...@porcupine.org> writes:

> Derek Atkins:
>> Viktor Dukhovni <postfix-us...@dukhovni.org> writes:
>> 
>> > On Fri, Jun 01, 2012 at 12:35:54PM -0400, Derek Atkins wrote:
>> >
>> >> >> mynetworks = 127.0.0.0/8 1.2.3.4/24 192.168.1.0/24 
>> >> >> [2001:1234:1234::]/48
>> >> >> [fe80::]/10 [fe80::%eth0]/10 [::1]/128
>> >> 
>> >> Yes, I have.  In fact that was the first thing I tried, but it didn't
>> >> work.  I added the interface descriptor on the theory that it was
>> >> outputting it so therefore it might want it.  Obviously that didn't
>> >> help, either.
>
> Postfix has never output interface descriptor information unless some
> helpful port maintainer added support to 'improve' this.

Yes, it did, and it had nothing to do with a "helpful port maintainer".
E.g. this output:

May 31 15:55:31 mail2 postfix/smtpd[29712]: connect from 
unknown[fe80::20c:29ff:fecf:7df0%eth0]

Notice the "%eth0" at the end of the link-local address?  This has
nothing to do with the "port" and everything to do with postfix and how
it interpreted the IP->string conversion.  Indeed, Fedora pretty much
takes postfix as-is and applies very few patches.  Note that this log
message was with postfix-2.7.7.

>> > See http://archives.neohapsis.com/archives/postfix/2010-11/thread.html#295
>> > Postfix does not AFAIK support link-local address scopes.
>> 
>> For the record, this appears to have been fixed somewhere between 2.7
>> and 2.9; I just backported 2.9.2 to my mail server and using
>> mynetworks = [fe80::]/10 works as I would expect it to.
>
> Postfix has always worked this way unless some helpful port maintainer 
> added support to break this.

Again, I beg to differ.  It has NOT always worked this way (see
above). In fact, this diff between 2.7.7 and 2.9.2 shows exactly how it
has NOT always worked that way and how you fixed it:

--- postfix-2.7.7/src/smtpd/smtpd_peer.c        2008-04-28 20:06:08.0000
00000 -0400
+++ postfix-2.9.2/src/smtpd/smtpd_peer.c        2012-01-02 19:57:59.0000
00000 -0500
@@ -225,6 +226,14 @@
        state->port = mystrdup(client_port.buf);
 
        /*
+        * XXX Strip off the IPv6 datalink suffix to avoid false alarms with
+        * strict address syntax checks.
+        */
+#ifdef HAS_IPV6
+       (void) split_at(client_addr.buf, '%');
+#endif
+
+       /*
         * We convert IPv4-in-IPv6 address to 'true' IPv4 address early on,
         * but only if IPv4 support is enabled (why would anyone want to turn
         * it off)? With IPv4 support enabled we have no need for the IPv6
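
Review bot: The added `(void) split_at(client_addr.buf, '%');` truncates client_addr.buf in place and discards the result, so everything after this point (logging and any address-based checks that read this buffer) sees the link-local address without its interface scope, and two peers with the same fe80:: address on different interfaces can no longer be told apart. The new comment is marked XXX and only gives the motive ("avoid false alarms with strict address syntax checks"); it should also state that the datalink suffix is dropped deliberately and is not available afterwards. Inside the `#ifdef HAS_IPV6` block there is also no visible check that the peer address is actually IPv6 before the split; if that is guaranteed by earlier code, a short remark in the comment would help.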


And I'm pretty sure that this is the patch (to postfix!) that fixed the
problem for me.  Once I upgraded from 2.7.7 to 2.9.2 not only did my
configuration suddenly start working, but lo and behold the log messages
changed, too!  E.g.:

Jun  2 04:10:02 mail2 postfix/smtpd[2315]: connect from 
unknown[fe80::20c:29ff:fe4e:1302]

Notice the lack of the "%eth0" in this log message?  The only change
between this log message and the previous log message (above) is
upgrading postfix from 2.7.7 to 2.9.2, so I would say it is EXACTLY
postfix that changed, and nothing more.

So again, thank you for fixing it somewhere between 2.7.7 and 2.9.2,
because contrary to what you imply ipv6 link local addresses have not
"always worked this way" (in postfix).

Enjoy! (and thank you, even if you maintain you didn't fix it)

>       Wietse

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warl...@mit.edu                        PGP key available
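
The behaviour discussed in this message, as an added example that is not part of the original post and is not Postfix code: a strict parser rejects a scoped address such as the one in the 2.7.7 log line, so a CIDR match against fe80::/10 only succeeds once the "%eth0" suffix is cut off. Assumptions: `inet_pton()` stands in for the strict address syntax check, and `in6_cidr_match` and its `strip_zone` flag are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if addr is inside net/prefix_len, 0 if not,
 * -1 if either string fails strict parsing. strip_zone cuts addr at '%'
 * first, the same effect as the split_at() call in the diff. */
int in6_cidr_match(const char *addr, const char *net, int prefix_len,
                   int strip_zone)
{
    char buf[INET6_ADDRSTRLEN + 32];
    struct in6_addr a, n;
    int full = prefix_len / 8, rem = prefix_len % 8;

    if (prefix_len < 0 || prefix_len > 128 || strlen(addr) >= sizeof(buf))
        return -1;
    strcpy(buf, addr);
    if (strip_zone) {
        char *pct = strchr(buf, '%');
        if (pct != NULL)
            *pct = '\0';
    }
    /* inet_pton() accepts no "%zone" suffix, so an unstripped scoped
     * address is a parse error here rather than a match. */
    if (inet_pton(AF_INET6, buf, &a) != 1 || inet_pton(AF_INET6, net, &n) != 1)
        return -1;
    if (memcmp(a.s6_addr, n.s6_addr, (size_t) full) != 0)
        return 0;
    if (rem != 0) {
        unsigned char mask = (unsigned char) (0xff << (8 - rem));
        if ((a.s6_addr[full] & mask) != (n.s6_addr[full] & mask))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Address taken from the 2.7.7 log line quoted in the message. */
    const char *peer = "fe80::20c:29ff:fecf:7df0%eth0";

    printf("with suffix:    %d\n", in6_cidr_match(peer, "fe80::", 10, 0));
    printf("suffix removed: %d\n", in6_cidr_match(peer, "fe80::", 10, 1));
    return 0;
}
```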
